You land on a website. You haven’t even seen its content yet. And then—bam!—a massive banner covers half your screen: “We use cookies to improve your experience. Accept all?”
Most of us just click Accept. It’s fast, it kills the banner, and honestly, what’s the worst that can happen? It’s cookies. Not actual cookies, obviously — nobody’s sending you shortbread — but still. How bad can it be?
Pretty bad, as it turns out. Here’s what’s actually happening behind that button, why every website on the internet seems weirdly desperate for you to click it, and whether smashing “Reject All” is actually the smarter move — or just a different kind of trap.
First — What Even Are Cookies?
Nothing exotic. They’re just tiny text files a website saves onto your device when you visit. That’s genuinely all they are.
The original idea was actually useful. Back in the 1990s, Netscape engineers invented cookies to solve one very boring but very real problem: how do you build an online shopping cart? Without cookies, every time you clicked to a new page the website would completely forget you — your cart, your login, your preferences. All gone. Cookies fixed that by giving the site a way to remember you between pages.
Think of it like getting your hand stamped at a theme park. The stamp doesn’t know your name or your life story. It just proves you’ve been here before, so you don’t have to queue at the entrance every time you come back from a ride. Harmless. Practical. Good idea.
Then the advertising industry found out about it, and things got complicated fast.
Why Websites Are So Desperate for You to Click Accept
It’s not about your experience. It never really was. It’s about money.
Most websites are free — no subscription, no paywall. So how do they pay their bills? Advertising. But not just any advertising — targeted advertising. An ad shown to a random stranger is worth almost nothing. An ad shown to exactly the right person, at exactly the right moment, based on their browsing history, their interests, their recent searches, what they almost bought last Tuesday? That’s worth a lot.
When you click “Accept All,” you’re not just letting the website function. You’re handing over permission to dozens — sometimes hundreds — of companies to track everything you do online. Where you browse, what you click, what you buy, what you hovered over and didn’t buy. All of it gets packaged, analysed, and sold. Companies build detailed profiles on you — your interests, your habits, sometimes even your health concerns — just from watching how you move around the internet.
That’s the business model. Your attention and your data are the product. The cookie banner is just the paperwork they’re legally required to show you.
What Actually Happens the Second You Hit Accept All
This is the part nobody explains. You click the button. Banner disappears. Feels like nothing changed.
But in that split second, a lot just happened. The website immediately starts dropping cookies into your browser — not one or two, but dozens. Sometimes hundreds. Your browser now has cookies from the main site, plus cookies from Google Analytics, Facebook Pixel, advertising networks, data brokers, and companies with names you’d never recognise if you saw them. Every one of those is a tracker. And they’re not sitting there passively — they’re running scripts in the background, logging everything. Every page you visit. Every link you click. How long you stayed. What you scrolled past without stopping.
It’s like inviting fifty silent strangers into the room every time you open a new tab — and none of them introduce themselves.
Not All Cookies Are the Same — This Part Actually Matters
The cookie banner lumps everything together on purpose. But there are real differences worth knowing.
Essential cookies — can’t be turned off, and you wouldn’t want to. These are what keep your shopping cart alive between pages and keep you logged in. Completely fine.
Functional cookies — also pretty harmless. They remember your preferred language, your region, your display settings. They’re just saving you time.
Analytics cookies — these let website owners see how people use their site. Which pages are popular, where people drop off, what’s broken. Most people are genuinely okay with this one, and it actually helps websites improve.
Advertising cookies — and here’s the one. Unlike the others, these follow you between completely different websites to build a bigger picture of who you are. You spend ten minutes reading an article about running shoes on one site, and suddenly every website you open for the next three weeks is showing you trainers. That’s advertising cookies doing exactly what they were designed to do.
When you click “Accept All,” you’re saying yes to all four. Including that last one.
The Dark Patterns Nobody Wants to Talk About
Here’s where it gets genuinely uncomfortable. It’s not just that websites ask for your consent — many of them are specifically engineered to trick you into giving it.
The “Accept All” button is big. Bright. One click. The “Reject All” option — if it even exists — is greyed out, buried at the bottom, or hidden behind three more screens of settings you have to manually untick one by one. They’re counting on you being busy, tired, or just desperate to read the article you came for. And it works brilliantly.
Cookie banners use deliberately mismatched button styles — high contrast for accept, low contrast for reject. They use warm, positive framing like “We use cookies to enhance your experience” while quietly skipping the part about third-party advertising networks getting a copy of your entire browsing history. It’s manipulation with a friendly font.
It got bad enough that regulators finally stepped in. France’s data protection authority fined Google €150 million and Facebook €60 million specifically for making it harder to reject cookies than to accept them — pointing out that several clicks were needed to refuse, against just one to agree. Then in September 2025, Google got hit with an even bigger €325 million penalty, and Shein was fined €150 million. Some of the largest cookie-related fines ever handed out.
They knew exactly what they were doing. They just eventually got caught.
📊 The Cookie Reality Check
| What the Banner Says | What’s Actually Happening |
|---|---|
| “Enhance your experience” | Advertising networks tracking your every click |
| “Accept All” is one click | Reject All requires 3–5 more clicks on most sites |
| “We value your privacy” | Up to 43% of websites still set tracking cookies after you reject |
| “Third-party partners” | Could be hundreds of ad companies you’ve never heard of |
| “You can change your mind anytime” | Almost nobody ever actually goes back to do this |
Sources: ignite.video Cookie Consent Studies, CNIL enforcement reports, The Conversation (2025)
So What Happens If You Click Reject All?
More complicated than you’d think.
The good news: choosing “Reject All” declines all non-essential cookies. You keep access to the basic content. The site still works. You just don’t get personalised features, and the ad networks don’t get your data.
The bad news: 43% of websites still set tracking cookies after you reject. Nearly half. You clicked the button, felt good about yourself, and they quietly ignored you anyway.
And here’s the genuinely weird twist — some research suggests that consistently rejecting cookies doesn’t make you invisible at all. Algorithms can identify “people who always reject” as a demographic and use collaborative filtering to build a profile based on what similar users do. You opted out. They opted you back in through the side door.
The Stat That Should Embarrass All of Us
85% of visitors click “Accept All” within seconds of seeing the banner.
Meanwhile, 78% of people say they’re worried about online privacy and data collection.
Read that again. Slowly. Nearly 8 in 10 people say they care about privacy. And 85% click accept without reading a single word. The banner is basically a consent form that everyone signs without looking — because it’s standing between them and the thing they actually came to do. Websites designed it that way on purpose. And it works every single time.
What You Should Actually Do
None of this is complicated. A few real options:
Click “Reject All” when it’s easy to find — especially on news sites, retail sites, and social platforms. You’ll still get the content. The site just can’t build a profile on you.
Don’t bother with “Customise” — it’s designed to be exhausting on purpose, with dozens of toggles across multiple screens, hoping you’ll just give up and click accept. Don’t give them the satisfaction.
Switch to Firefox or Brave — both block third-party tracking cookies by default. Safari does too, to a decent extent. Chrome — made by Google, the world’s largest advertising network — is historically the least protective. Funny how that works.
Install uBlock Origin — it blocks the tracking infrastructure before it even loads. Cookies can’t track you if the tracker never gets a chance to run.
Don’t worry about essential cookies — your login, your cart, the site loading in your language. That’s all fine. That’s what cookies were invented for, before everything got complicated.
The Uncomfortable Bottom Line
Cookie banners exist because of GDPR — a privacy law that was supposed to give you real control over your data. What actually happened is the advertising industry turned that legal requirement into a dark-pattern machine that gets most people to consent to everything before they’ve even had a chance to think about it.
Back in 2018–2019, 60 to 90% of users clicked Accept All, mostly because there were no real rejection options. In 2024–2025, that’s dropped — about half to two-thirds now reject when a proper Reject All button is actually visible and easy to find. People are catching on. Slowly.
The next time that banner pops up, you don’t have to just swipe it away. You can actually read what you’re being asked. It takes an extra three seconds.
Probably worth it.
Frequently Asked Questions
Q1: Do I have to accept cookies to use a website? No—and legally, within the EU, websites cannot block your access simply because you have declined cookies. Under the GDPR, so-called “cookie walls” are illegal. Nevertheless, some sites still attempt to do this. If they do, you can usually find a workaround or report them.
Q2: Can cookies actually hack me or steal my data? Standard cookies can’t — they’re just text files, not executable code. But on public Wi-Fi, someone could intercept unencrypted cookies to impersonate you on certain sites. Stick to HTTPS connections (the padlock) and you’re largely fine.
Q3: Why does the same cookie banner keep coming back after I rejected it? Because the record of your rejection is stored as — yes — a cookie. Clear your browser history, cookies go with it, and the website has no memory of what you said last time. It asks again. Completely circular. Almost impressive, honestly.
Q4: Is rejecting all cookies always the right call? Not always. For a site you use regularly and trust — your bank, a news outlet you subscribe to — analytics cookies actually help them understand what’s working. The ones worth rejecting are advertising and third-party trackers, especially on sites you’ve never visited before.
Q5: What happens to data already collected from my old clicks? It doesn’t disappear the moment you start rejecting. Companies that collected data under your past consent can keep using it until it expires or you request deletion. In the EU, you have the right to formally request your data be deleted under GDPR. In India, similar rights are being established under the Digital Personal Data Protection Act. Look for “Data Deletion Request” in the company’s privacy policy — it’s usually buried, but it’s there.
Sources: The Conversation (May 2025), ignite.video Cookie Consent Studies (2025), CookieYes Internet Cookie Statistics (2025), CNIL Enforcement Reports (2022–2025), Captain Compliance CNIL Fines Report (September 2025), SecurePrivacy Cookie Consent Psychology (2025), Advance Metrics Cookie Behaviour Study (2024).